US9749299B1 · Active · Utility · PatentIndex 84

Systems and methods for image-based encryption of cloud data

Assignee: SYMANTEC CORP · Priority: Mar 9, 2015 · Filed: Mar 9, 2015 · Granted: Aug 29, 2017
Est. expiry: Mar 9, 2035 (~8.7 yrs left) · nominal 20-yr term from priority
Inventors: SOKOLOV ILYA, GU LEI, BOUCHER MATT
Classifications: H04L 2209/24, H04L 9/14, H04L 63/0428, H04L 9/30, H04L 9/0866, G09C 5/00, G06F 21/41
PatentIndex Score: 84 · Cited by: 14 · References: 11 · Claims: 20

Abstract

The disclosed computer-implemented method for image-based encryption of cloud data may include (1) identifying a user account for a cloud data store, wherein the cloud data store stores at least one secret to be secured by encryption on behalf of the user account, (2) receiving an image file to be used at least in part to generate a cryptographic element to be used for encrypting the secret, the cryptographic element capable of being re-created when the image file is provided again at a later time, (3) using at least one cryptographic function, generating the cryptographic element based at least in part on the image file, and (4) securing the secret by encrypting the secret using the cryptographic element. Various other methods, systems, and computer-readable media are also disclosed.
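The four steps of the abstract, as an added example that is not taken from the patent or from any Symantec product: it assumes the cryptographic element is PBKDF2 over a SHA-256 digest of the raw image bytes, and it uses an HMAC-derived pad plus an HMAC tag as a standard-library stand-in for an authenticated key-wrap cipher. All function names and the sample "image" bytes are constructed for illustration.

```python
import hashlib
import hmac
import os

# Constructed stand-ins for image files (not real photos): the second differs
# by one byte, as a re-compressed or metadata-stripped copy would.
ORIGINAL_IMAGE = b"\x89PNG\r\n\x1a\n" + bytes(range(256)) * 4
REENCODED_IMAGE = ORIGINAL_IMAGE[:-1] + b"\x00"


def derive_element(image_bytes: bytes, salt: bytes) -> bytes:
    """Re-creatable 64-byte cryptographic element: PBKDF2 over the image digest."""
    digest = hashlib.sha256(image_bytes).digest()
    return hashlib.pbkdf2_hmac("sha256", digest, salt, 200_000, dklen=64)


def wrap_master_key(master_key: bytes, image_bytes: bytes) -> dict:
    """Encrypt a 32-byte master key; only salt, ciphertext and tag are stored."""
    if len(master_key) != 32:
        raise ValueError("this sketch wraps exactly 32 bytes")
    salt = os.urandom(16)  # fresh per wrap, so the pad is never reused
    element = derive_element(image_bytes, salt)
    enc_key, mac_key = element[:32], element[32:]
    pad = hmac.new(enc_key, b"pad" + salt, hashlib.sha256).digest()
    ct = bytes(a ^ b for a, b in zip(master_key, pad))
    tag = hmac.new(mac_key, salt + ct, hashlib.sha256).digest()
    return {"salt": salt, "ct": ct, "tag": tag}


def unwrap_master_key(blob: dict, image_bytes: bytes):
    """Return the master key, or None if the image does not re-create the element."""
    element = derive_element(image_bytes, blob["salt"])
    enc_key, mac_key = element[:32], element[32:]
    expected = hmac.new(mac_key, blob["salt"] + blob["ct"], hashlib.sha256).digest()
    if not hmac.compare_digest(expected, blob["tag"]):
        return None
    pad = hmac.new(enc_key, b"pad" + blob["salt"], hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(blob["ct"], pad))


if __name__ == "__main__":
    key = os.urandom(32)
    stored = wrap_master_key(key, ORIGINAL_IMAGE)
    print(unwrap_master_key(stored, ORIGINAL_IMAGE) == key)
    print(unwrap_master_key(stored, REENCODED_IMAGE))
```

Under this byte-level assumption the element is only as hard to guess as the image is hard to obtain, and any copy that has been re-encoded no longer unwraps the master key.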

Claims

exact text as granted — not AI-modified
What is claimed is: 
     
       1. A computer-implemented method for image-based encryption of cloud data, at least a portion of the method being performed by a computing device comprising at least one processor, the method comprising:
 identifying, by the computing device, a user account for a cloud data store, wherein the cloud data store stores at least one secret to be secured by encryption on behalf of the user account, wherein the secret comprises a master cryptographic element comprising a decryption key for decrypting files in the user account that were previously encrypted using an encryption key; 
 receiving, by the computing device, an image file to be used at least in part to generate a cryptographic element to be used for encrypting the secret, the cryptographic element capable of being re-created when the image file is provided again at a later time; 
 using at least one cryptographic function, generating, by the computing device, the cryptographic element based at least in part on the image file; 
 securing, by the computing device, the secret on behalf of the user account by encrypting the secret using the cryptographic element, wherein the secret is to be decrypted at a later time when the image file is provided again to re-create the cryptographic element to decrypt the secret to re-create the master cryptographic element. 
 
     
     
       2. The computer-implemented method of claim 1, wherein the cryptographic element comprises:
 a public encryption key stored with the user account in the cloud data store for encrypting the secret; 
 a private decryption key to be re-created upon receiving the image file when the secret is to be decrypted. 
 
     
     
       3. The computer-implemented method of claim 1, wherein the secret comprises a file encrypted using the cryptographic element on behalf of the user account, the file to be decrypted at a later time when the image file is provided again to re-create the cryptographic element. 
     
     
       4. The computer-implemented method of claim 1, wherein receiving the image file comprises:
 receiving permission to obtain the image file from a private photo album in the user account; 
 determining that the image file is different from other images in the private photo album. 
 
     
     
       5. The computer-implemented method of claim 1, wherein receiving the image file comprises receiving, from a user of the user account, a link to the image file in a user account that is for a social media service and that is also controlled by the user. 
     
     
       6. The computer-implemented method of claim 1, wherein generating the cryptographic element comprises creating a description of content within an image rendered from the image file. 
     
     
       7. The computer-implemented method of claim 1, wherein generating the cryptographic element comprises selecting at least one metadata tag of the image file. 
     
     
       8. The computer-implemented method of claim 1, further comprising storing a copy of the image file, modified so as not to be usable to re-create the cryptographic element, to be used as a prompt to remind a user of the user account of the image file to be provided to re-create the cryptographic element. 
     
     
       9. The computer-implemented method of claim 8, wherein a user of the user account provides the image file in response to the prompt at least in part to re-create the cryptographic element so as to recover the ability to decrypt the secret after regaining access to the user account. 
     
     
       10. The computer-implemented method of claim 8, wherein the prompt comprises the modified image file displayed with at least one other image, so as to test the user's ability to identify a correct image file to be provided. 
     
     
       11. The computer-implemented method of claim 8, further comprising providing the prompt to remind the user of the user account of the image file to be provided to re-create the cryptographic element, the reminder comprising at least one of:
 a modified copy of the image file; 
 a description of content within an image rendered from the image file; 
 text representing at least one metadata tag of the image file. 
 
     
     
       12. The computer-implemented method of claim 1, wherein the image file comprises a video file. 
     
     
       13. A system for image-based encryption of cloud data, the system comprising:
 an identification module, stored in memory, that identifies a user account for a cloud data store, wherein the cloud data store stores at least one secret to be secured by encryption on behalf of the user account, wherein the secret comprises a master cryptographic element comprising a decryption key for decrypting files in the user account that were previously encrypted using an encryption key; 
 an image module, stored in memory, that receives an image file to be used at least in part to generate a cryptographic element to be used for encrypting the secret, the cryptographic element capable of being re-created when the image file is provided again at a later time; 
 a key generation module, stored in memory, that uses at least one cryptographic function to generate the cryptographic element based at least in part on the image file; 
 an encryption module, stored in memory, that secures the secret on behalf of the user account by encrypting the secret using the cryptographic element, wherein the secret is to be decrypted at a later time when the image file is provided again to re-create the cryptographic element to decrypt the secret to re-create the master cryptographic element; 
 at least one physical processor configured to execute the identification module, the image module, the key generation module, and the encryption module. 
 
     
     
       14. The system of claim 13, wherein the cryptographic element comprises:
 a public encryption key stored with the user account in the cloud data store, for encrypting the secret; 
 a private decryption key to be re-created upon receiving the image file when the secret is to be decrypted. 
 
     
     
       15. The system of claim 13, wherein the secret comprises a file encrypted using the cryptographic element on behalf of the user account, the file to be decrypted at a later time when the image file is provided again to re-create the cryptographic element. 
     
     
       16. The system of claim 13, wherein the image module received the image file by:
 receiving permission to obtain the image file from a private photo album in the user account; 
 determining that the image file is different from other images in the private photo album. 
 
     
     
       17. The system of claim 13, wherein the image module receives the image file by receiving, from a user of the user account, a link to the image file in a user account that is for a social media service and that is also controlled by the user. 
     
     
       18. The system of claim 13, wherein the key generation module generates the cryptographic element by creating a description of content within an image rendered from the image file. 
     
     
       19. The system of claim 13, wherein the key generation module generates the cryptographic element by selecting at least one metadata tag of the image file. 
     
     
       20. A non-transitory computer-readable medium comprising one or more computer-readable instructions that, when executed by at least one processor of a computing device, cause the computing device to:
 identify a user account for a cloud data store, wherein the cloud data store stores at least one secret to be secured by encryption on behalf of the user account, wherein the secret comprises a master cryptographic element comprising a decryption key for decrypting files in the user account that were previously encrypted using an encryption key; 
 receive an image file to be used at least in part to generate a cryptographic element to be used for encrypting the secret, the cryptographic element capable of being re-created when the image file is provided again at a later time; 
 using at least one cryptographic function, generate the cryptographic element based at least in part on the image file; 
 secure the secret on behalf of the user account by encrypting the secret using the cryptographic element, wherein the secret is to be decrypted at a later time when the image file is provided again to re-create the cryptographic element to decrypt the secret to re-create the master cryptographic element.

Cited by (0)

No later patents cite this yet.

References (0)

No backward citations on record.